Google has acknowledged that it broke its promise to delete all the personal data its Street View cars collected from unsecured Wi-Fi networks in Britain and other countries two years ago. While Google says the failure was a mistake, its long-term consequence could mean more scrutiny from British regulators, which could slow the roll out of future services.
Google's Screw Up
Google told Britain's Information Commissioner's Office Friday that it still had a "small portion of payload data" collected from the cars that traveled through Britain photographing neighborhoods and using Wi-Fi hotspots to record location. At the same time, Google mistakenly gathered personal data, such as emails, from unsecured networks.
Google's discovery that it still had some of the data brought a quick response from the ICO. "The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern."
The upshot of getting on the ICO's bad side is increased scrutiny, because the office may decide it can no longer trust Google to keep its word. "The first time they (regulators) ask you to do something and you say you did it and you don't do it, the next time … is going to be far more invasive, because now they don't trust you," Rob Enderle, analyst for the Enderle Group, said. "This just means the relationship with Great Britain is going to degrade, and probably along with it, the European Union."
Indeed, the ICO immediately upped its scrutiny by not granting Google's request to delete the remaining data. "Our response, which has already been issued, makes clear that Google must supply the data to the ICO immediately, so that we can subject it to forensic analysis before deciding on the necessary course of action."
The disclosure brought a quick I-told-you-so response from privacy advocates. The Electronic Privacy Information Center said the ICO's initial investigation in 2010 was inadequate and the office never should have let Google delete the wrongfully collected data on its own.
"Now, the Commission will have the opportunity to examine the data that was seized and pursue a more comprehensive investigation," Marc Rotenberg, executive director of the EPIC, said in an e-mail. "This is a critical matter. Everything Google has said about Street View has been misleading, even the name! Because of course the cars did not simply capture images of streets, but also intercepted private Wi-Fi communications."
Where Was The Data?
In its letter to the ICO, Google said it found the data while physically inspecting and re-scanning Street View disks. "In conducting that review, we have determined that we continue to have payload data from the U.K. and other countries," Peter Fleischer, global privacy counsel for Google, said.
Fleischer did not list the names of the countries, but said the company was in the process of notifying the relevant authorities. Google's Street View cars gathered data from 30 countries.
Google Hurt Competitively
Depending on the reaction of authorities in the affected countries, Google could find itself having a more difficult time in getting future services approved. Such delays would benefit Google's competitors. "If a regulatory body doesn't trust you, then they fundamentally don't trust you," Enderle said. "That means they have to monitor everything that you do and that increases dramatically the amount of bureaucracy you have to work through to do anything."
Photo by Brian J. Matis.